Until now, my recommendations for preventing data loss from Encrypting File System have been to disable EFS (it is enabled by default), then enable it for those few who really need the service and ensure that their keys are archived. Alternatively, I've helped organizations set up a public key infrastructure using Windows 2000 Certificate Services. This infrastructure does not provide any key-archival services, but it does allow a more organized approach to EFS management and allows the setup of multiple data recovery agents.

Neither method provides an easy approach for large numbers of users, and both involve lots of management issue...

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

s.

The release of Windows .NET Server offers a much better solution. With Windows .NET Server, Certificate Services provides the ability to do key archival. This means that a properly configured system will automatically archive the EFS encryption keys of each user. Should a user's drive be reformatted, or his keys otherwise destroyed, the keys themselves can be recovered. No data loss, no reliance on a data recovery agent, no inadvertent exposure of data to other individuals. --Roberta Bragg

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy